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Remarks 

Claims 1-28 are pending in the application. 

Claims 1, 3, 8-12, 15, 18-21, 23, and 25-28 are rejected under 35 U.S.C. § 102(e) 
as being anticipated by Chesla et al.'s U.S. Publication 2004/0250124 Al (hereinafter 
"Chesla"). 

Claims 1-7 and 26 are rejected under 35 U.S.C. § 102(e) as being anticipated by 
Lau et al.'s US Publication 2004/0062199 Al (hereinafter "Lau"). 

Claims 13, 14, 16, 17, 22, and 24 are objected to as being dependent upon a 
rejected base claim, but would be allowable if rewritten in independent form including all 
of the limitations of the base claim and any intervening claims. 

Each of the various rejections and objections are overcome by amendments that 
are made to the specification, drawing, and/or claims, as well as, or in the alternative, by 
various arguments that are presented. 

Entry of this Amendment is proper under 37 CFR §1.116 because the amendment: 

(a) places the application in condition for allowance for the reasons discussed herein; 

(b) does not raise any new issue requiring further search and/or consideration since the 
amendments amplify issues previously discussed throughout prosecution; (c) satisfies a 
requirement of form asserted in the previous Office Action; (d) does not present any 
additional claims without canceling a corresponding number of finally rejected claims; or 
(e) places the application in better form for appeal, should an appeal be necessary. The 
amendment is necessary and was not earlier presented because it is made in response to 
arguments raised in the final rejection. Entry of the amendment is thus respectfully 
requested. 

Any amendments to any claim for reasons other than as expressly recited herein 
as being for the purpose of distinguishing such claim from known prior art are not being 
made with an intent to change in any way the literal scope of such claims or the range of 
equivalents for such claims. They are being made simply to present language that is 
better in conformance with the form requirements of Title 35 of the United States Code 
or is simply clearer and easier to understand than the originally presented language. Any 
amendments to any claim expressly made in order to distinguish such claim from known 
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prior art are being made only with an intent to change the literal scope of such claim in 
the most minimal way, i.e., just to avoid the prior art in a way that leaves the claim novel 
and not obvious in view of the cited prior art, and no equivalent of any subject matter 
remaining in the claim is intended to be surrendered. 

Also, because a dependent claim inherently includes the recitations of the claim or 
chain of claims from which it depends, it is submitted that the scope and content of any 
dependent claims that have been herein rewritten in independent form is exactly the same 
as the scope and content of those claims prior to having been rewritten in independent 
form. That is, although by convention such rewritten claims are labeled herein as having 
been "amended," it is submitted that only the format, and not the content, of these claims 
has been changed. This is true whether a dependent claim has been rewritten to expressly 
include the limitations of those claims on which it formerly depended or whether an 
independent claim has been rewritten to include the limitations of claims that previously 
depended from it. Thus, by such rewriting no equivalent of any subject matter of the 
original dependent claim is intended to be surrendered. If the Examiner is of a different 
view, he is respectfully requested to so indicate. 
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REMARKS 

Rejections Under 35 U.S.C. §102 
Claims 1, 3, 8-12, 15, 18-21, 23 and 25-28 

Claims 1, 3, 8-12, 15, 18-21, 23, and 25-28 are rejected under 35 U.S.C. § 102(e) 
as being anticipated by Chesla. The rejection is traversed. 

Anticipation requires the presence in a single prior art disclosure of each and 
every element of the claimed invention, arranged as in the claim. The Chesla reference 
fails to disclose each and every element of the claimed invention, as arranged in 
independent claim 1 . 

Specifically, Chesla fails to teach or suggest at least "a plurality of routers 
forming a security perimeter of a network," as recited in independent claim 1. The 
Examiner states that "Chesla clearly depicts and states there are a plurality of routers 
located at the periphery of the network (figure 1C, and page 7, paragraph 118). These 
routers work with the network appliance and therefor are part of the security system." 
Applicants respectfully disagree with the Examiner's rationale. 

From the Examiner's argument, it is not clear which element in Figure 1C the 
Examiner interprets as the network of Applicants' claim 1, namely the ISP (option 1) or 
the customer network 56 (option 2). However, with either interpretation, the network 
elements 42 do not anticipate the above named element of Applicants' claim 1 . 

Paragraph 1 18 of Chesla states: 

"FIG. 1C is a block diagram that schematically illustrates network security system 
20 deployed at the periphery of an Internet Service Provider (ISP) facility 40 , in 
accordance with an embodiment of the present invention. The ISP facility 
typically comprises various network elements 42, such as routers , switches, 
bridges, servers, and clients. ISP 40 is connected to at least one WAN 44, 
typically the Internet, and many customer networks, such as a customer network 
46. ISP 40 typically deploys security system 20 between the periphery of the ISP 
facility and customer network 46. The ISP may, for example, offer customers the 
security protection provided by system 20 as a managed service" (emphasis 
added). 

Option 1: Paragraph 18 does not state that the network elements are located at the 
perimeter of the ISP, instead they are described as being included in the ISP, and thus, do 
not necessarily form the perimeter of the ISP. Only the security system is described as 
being possibly deployed at the periphery of the ISP. The Examiner states that the routers 
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work with the network appliance (security system), and thus, are part of the security 
system. According to such a rationale, the customer network, which also works with the 
network appliance, may be considered as a part of the security system. However, this 
clearly contradicts Chesla's arrangements because the security system serves to protect 
multiple customer networks. Moreover, following the Examiner's rationale and 
considering Applicant's claim 1 as a whole, if the network elements form the security 
perimeter of the ISP, then DDoS attacks should be directed at a location within the ISP. 
However, this also contradicts Chesla's arrangement because the ISP protects the 
customer network from attacks and such attacks are directed to locations within the 
customer network. The network elements do not protect the ISP from the attacks. 

Option 2: In paragraph 18, Chesla discusses two possible locations for the 
network appliance (security system), namely at the periphery of the ISP or between the 
periphery of the ISP and customer network. Neither of these locations qualifies as the 
security perimeter of the network. Thus, neither the network elements, nor the network 
appliance (security system) form the security perimeter of the customer network. 
Furthermore, as described by Chesla, one ISP connects WAN to multiple customer 
networks. Therefore, as described by Chesla, there is only one point of connection 
between the multiple customers and multiple network elements, namely the network 
appliance (security system). Accordingly, even assuming that the security system is at 
the perimeter of one of the customer networks and the network elements are part of the 
security system, because there is only one point of connection between the network 
elements and the customer networks, the network elements at most may be considered as 
one element of the perimeter, and thus, at most anticipate only one router of Applicants' 
claim 1 . 

Additionally, Chesla fails to teach or suggest a "determining a discarding 
threshold." The Examiner asserts that the discarding threshold is disclosed in paragraph 
225 of Chesla. Applicants respectfully disagree. 

Paragraph 225 states: 

"... The FIS module defuzzifies this fuzzy set, i.e., resolves the fuzzy set into a 
single value representing a degree of the attack, at a defuzzification step 296. For 
example, the degree of attack may have a range between 2 and 10, with higher 
numbers indicative of a greater likelihood that an attack is occurring. A degree of 
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attack value between 2 and 4 may represent a normal (non-attack) degree, a value 
between 4 and 8 may represent a suspect (potential) attack degree, and a value 
between 8 and 10 may represent an attack degree. The FIS module passes, the 
degree of attack to network flood controller 60, at [a] degree of attack output step 
298. The controller typically interprets the output as an indication of the 
occurrence of an attack when the degree of attack exceeds a certain threshold, e.g., 
8 out of a range between 2 and 10 " (emphasis added) 

Accordingly, the cited portion discusses various attack degrees. More specifically, 
Chesla states that "8" might be a value of the threshold defining that an attack has 
occurred. However, the threshold defining an attack degree is simply not the same as 
Applicants' discarding threshold. As Chesla describes in paragraphs 132 through 134, 
even when a determined degree attack is above the threshold, i.e., "8," network packets 
are not necessarily discarded . For example, if after recognizing a degree attack above "8" 
it is determined that the attack was transient, no traffic is discarded. In contrast, the 
Applicants' discarding threshold defines a condition in which an incoming packet should 
be discarded at the security perimeter. Furthermore, Chesla's threshold is pre-defined as 
a number between 2 and 10. In contrast, Applicants' discarding threshold is not pre- 
defined , rather it is determined, using for example, cumulative probability function. 
Accordingly, Chesla does not teach or suggest each and every element of Applicants 
claim 1. 

As such, independent claim 1 is not anticipated by Chesla and is allowable under 
35 U.S.C. §102. Independent claims 8, 18, 26, and 27 recite relevant limitations similar 
to those recited in independent claim 1 and, as such, and at least for the same reasons as 
discussed above, these independent claims also are not anticipated by Chesla and are 
allowable under 35 U.S.C. §102. Because all of the dependent claims that depend from 
the independent claims include all the limitations of the respective independent claim 
from which they ultimately depend, each such dependent claim is also allowable. 

Therefore, Applicants' claims 1, 3, 8-12, 15, 18-21, 23, and 25-28 are allowable 
under 35 U.S.C. § 102(e). The Examiner is respectfully requested to withdraw the 
rejection. 
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Claims 1-7 and 26 

Claims 1-7 and 26 are rejected under 35 U.S.C. § 102(e) as being anticipated by 
Lau. The rejection is traversed. 

The Lau reference fails to disclose each and every element of the claimed 
invention, as arranged in independent claim 1. Specifically, the Lau reference fails to 
teach or suggest at least "a plurality of packet attribute values aggregated from a plurality 
of routers forming a security perimeter of a network," as recited in independent claim 1. 

In the Final Office Action, the Examiner asserts that Lau discloses the above 
named element because "Lau teaches that there is a router and network processor located 
on the perimeter of the network (Figure 1) and ... that there could be a plurality of the 
network processors (page 2, paragraph 16). Therefore they form a plurality of security 
perimeter routers." Applicants respectfully disagree with such reasoning. 

Fig. 1 of Lau shows a network processor within a network, where the network 
also comprises at least one router and at least one server. The network processor is 
adapted to detect and filter IP packets travelling from the router to the server and is 
located in the communication path between the router and the server (see page 2, 
paragraph 15). However, nowhere in the cited portion does Lau teach that the network 
processor, router, or their combination is a perimeter router. 

Moreover, assuming as the Examiner suggests that the network processor and the 
router are located on the perimeter of the network, a mere statement that the server, 
network processor, and the router may comprise fewer or additional units is not sufficient 
to anticipate the above named Applicants' element. Lau does not explicitly teach that an 
additional unit would form the security perimeter of the network. Further, because such 
additional unit may be, for example, another server, the plurality of routers forming the 
security perimeters of the network is not inherent from Lau. 

Furthermore, Applicants claim "a plurality of packet attribute values aggregated 
from a plurality of routers." In other words, a packet attribute value of a packet received 
at one router of the plurality of routers is aggregated with a packet attribute value of 
another packet received at another router of the plurality of routers. In contrast, the cited 
portion of Lau describes an arrangement involving only one server, one network 
processor, and one router and merely mentions that additional units may be used. 
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Consequently, Lau does not discuss aggregation of packet attributes values from a 
plurality of routers. Moreover, because each router may aggregate packet attribute values 
of packets passing only through that router, aggregating packet attribute values from a 
plurality of routers is not inherent from Lau. 

Therefore, the Lau reference fails to disclose each and every element of the 
claimed invention, as arranged in Applicants' independent claim 1 . As such, independent 
claim 1 is not anticipated by Lau and is allowable under 35 U.S.C. §102. Because claims 
1 - 6 depend from independent claim 1, and thus, include all the elements of claim 1, each 
such dependent claim is also allowable over Lau. Independent claim 26 recites relevant 
limitations similar to those recited in independent claim 1 and, as such, and at least for 
the same reasons as discussed above, independent claim 26 also is not anticipated by Lau 
and is allowable under 35 U.S.C. §102. 

Therefore, Applicants' claims 1-7 and 26 are allowable under 35 U.S.C. § 102(e). 
The Examiner is respectfully requested to withdraw the rejection. 

Allowable Subject Matter 

Claims 13, 14, 16, 17, and 22, and 24 are objected to as being dependent upon a 
rejected base claim, but would be allowable if rewritten in independent form including all 
of the limitations of the base claim and any intervening claims. 

Applicants thank the Examiner for the indication of allowable subject matter with 
respect to claims 13, 14, 16, 17, 22, and 24. However, for at least the reasons discussed 
above, the base claims are allowable and, as such, claims 13, 14, 16, 17, 22, and 24 are 
allowable. 

The Examiner is respectfully requested to withdraw the objection. 



780260-1 



Serial No. 10/723,450 
Page 1 8 of 1 8 



Conclusion 

It is respectfully submitted that the Office Action's rejections have been 
overcome and that this application is now in condition for allowance. Reconsideration 
and allowance are, therefore, respectfully solicited. 

If, however, the Examiner still believes that there are unresolved issues, the 
Examiner is invited to call Eamon Wall at (732) 530-9404 so that arrangements may be 
made to discuss and resolve any such issues. 



Respectfully submitted, 



Eamon J. Wall 
Registration No. 39,414 
PATTERSON & SHERIDAN, LLP 
595 Shrewsbury Avenue, Suite 100 
Shrewsbury, New Jersey 07702 
Telephone: 732-530-9404 
Facsimile: 732-530-9808 



780260-1 



